Trellix Helix with GenAI

We use routing and switches, IP phones, routers, switches, and a core switch. We also have Identity Services Engine, but it is end of life or end of support now, so we are working on replacing it.

Our solutions cut across various security products from Sophos and Trellix. We started with McAfee for 15 years and have now transitioned to Trellix, which acquired McAfee.

Basically, we use this to protect our endpoints.

Trellix Endpoint Detection and Response (EDR)  does everything. It saves time, it saves money, and of course, it provides peace of mind. Anytime management wants any report, we can generate it automatically and push it. This is quite effective.

First, it is user-friendly. Second, it works with a lot of products and many different versions of Windows. Third, the reporting module is very good. Because if you are using Endpoint Protection with ePO, it has a central console that is quite easy to manage all endpoints at a single dashboard. It has very good threat intelligence.

In addition to the threat intelligence, it is easy to manage and granular. We can easily manage products up to the client level, and we know what is happening, then we do a lot of threat analysis. There are many resources that we can use. They also have very good support.

Trellix Endpoint Detection and Response (EDR)  has very good threat hunting capability. We can use the logs to see when a process starts and what it hits, and the other processes or services it has affected. This is quite encouraging.

They can enhance Trellix Endpoint Detection and Response (EDR) using AI now to do more enhanced reporting and more enhanced threat analysis. There are some client task assignments and policies that should be automatically automated with AI with a click of a button. They should introduce AI and do a lot of things.

We have used this for 16 years. All this information, how can we protect it? Are we covered by the GDPR regulation?

Initially, I was using it on servers, but it consumes a lot of resources on servers. So I have to use Sophos XDR  on servers because Sophos XDR  does not consume resources. That is the difference.

We do a lot of research. Our only problem with Trellix is that it is resource intensive and takes a lot of resources. However, we found out that it works on our systems and on our desktops. But on our servers, we do not want it to touch our resources, so we deployed Sophos XDR on the server.

It is straightforward. The only little challenge is that you have to get all the necessary updates for it to connect to the database.

I am using on-premises with the ePolicy Orchestrator  and then we apply the license. After the product is already installed, we do the necessary upgrade, restart the system, and then push the agents to the endpoints. Then we receive updates and manage our clients.

We have partners that provide Trellix Endpoint Detection and Response (EDR), so we work with them to deploy.

It is quite reasonable.

For network troubleshooting, I moved to security now and I am not in network, but I think they are using Cisco product too for that.

My main use case for Trellix Endpoint Detection and Response (EDR)  will be at JPFV Corporation, where I led enterprise-level cybersecurity initiatives that included vendor evaluation and technical comparison, POC (Proof of Concept) driven selection process, executive-level presentation to IT corporation management, and general management. I am responsible for coordinating the migration from legacy endpoint protection to next-generation EDR solutions, including Trellix Endpoint Detection and Response (EDR)  or equivalent technology, ensuring detection capability improvement, reduction of dwell time, and endpoint telemetry visibility, aligning with zero-trust principles.

In my role as Information Security Administrator at a national oil and gas corporation, I use Trellix Endpoint Detection and Response (EDR) as part of our enterprise endpoint security architecture. A scenario where it made a difference is during daily monitoring when the EDR console generated a behavior alert indicating suspicious PowerShell execution, credential dumping-like behavior patterns, and an abnormal parent-child process tree involving Office spawning CMD and PowerShell. This activity occurred on a privileged user workstation within the corporate domain. The actions taken were immediate investigation, containment, RCA (root cause analysis), and remediation and hardening.

Trellix Endpoint Detection and Response (EDR) has positively impacted my organization by reducing business risk, facilitating faster incident response, and improving endpoint security posture.

For me, the best features Trellix Endpoint Detection and Response (EDR) offers are its technical capability, agent deployment and onboarding at scale, policy configuration, advanced rule tuning, malware and suspicious behavior investigation, important process tree analysis, integration with the SIEM /XDR  ecosystem, hardening and performance optimization, Operation Blue Team experience, monitoring endpoint telemetry and behavioral alerts, incident triage, and RCA root cause analysis.

Beyond detection, Trellix Endpoint Detection and Response (EDR) allows us to identify risky PowerShell use patterns, detect unauthorized administrative tools, and monitor abnormal privileged behavior, thereby strengthening application control policies. Trellix Endpoint Detection and Response (EDR) has improved our security posture, not just alert management.

I believe that Trellix Endpoint Detection and Response (EDR) can be improved with better integration with other tools such as Cisco, Check Point, and Palo Alto. Cybersecurity professionals need agnostic tools that integrate with all the tools in their network.

I think the workflow could be better; it is difficult to translate as simple letters and needs a more intuitive investigation workflow.

I chose a six for my rating because I need EDR integration with different tools, tools with an intuitive investigation workflow, advanced native threat hunting queries, and cloud and hybrid visibility expansion. An important point would be noise reduction and alert context enrichment, as some medium-severity alerts may require additional contextual enrichment or automatic correlation with identity risk scores to help prioritize better.

I have been using Trellix Endpoint Detection and Response (EDR) for four years.

In my case, Trellix Endpoint Detection and Response (EDR) is stable.

Trellix Endpoint Detection and Response (EDR) is a good tool with technology that offers scalability for any network.

Customer support for Trellix Endpoint Detection and Response (EDR) specifically is not good; it is slow and lacks sufficient engineers to attend to client cases effectively.

I previously used Harmony from Check Point.

I have seen a measurable return on investment from deploying Trellix Endpoint Detection and Response (EDR), particularly in regulated or critical infrastructure environments, with a reduction in mean time to detect and mean time to contain and an important reduction in incident escalation.

In my experience, as a final client and a provider, the pricing model for Trellix Endpoint Detection and Response (EDR) is typical, tier-based depending on capabilities, with add-on costs for integration or extended retention, similar to other EDR technologies.

Before choosing Trellix Endpoint Detection and Response (EDR), I evaluated other options such as Palo Alto Cortex , Forcepoint, and Harmony from Check Point.

I do not rely only on alerts; I proactively hunt for threats on a weekly basis by querying for suspicious PowerShell executions and reviewing uncommon parent-child process relationships. This helps identify low-and-slow threats that may not trigger high-severity alerts.

In a specific in-work case, a user opened a malicious document, and no traditional antivirus signature triggered it. Trellix Endpoint Detection and Response (EDR) behavioral analytics flagged an abnormal PowerShell invocation. Using the process tree view, I confirmed that Office initiated it, followed by CMD.exe, and finally  PowerShell, leading to an outbound network call.

My advice for others looking into using Trellix Endpoint Detection and Response (EDR) is not to buy it as just an antivirus replacement. You have to plan, make a strong tuning phase, define clear use cases before deployment, integrate with broader security architecture, train your analysts on behavioral investigation, and evaluate cloud and hybrid needs. I gave this product a rating of six out of ten.

We are in the energy market, specifically in energy generation. We got the Trellix EDR installed in most endpoints.

The tool helps us to traverse possible thread incidents thru our mult site network infrastructure. In case of any forensic case it will be helpful to hunt thru the history or evidence information the EDR collects.

Trellix Endpoint Detection and Response (EDR)  is valuable because we have a Wide Area Network with many sites, and the EDR is cross-site since it is configured and managed from the cloud. This is very useful because it does not matter what is happening at one endpoint of the company in one site and the relation of an incident with another computer or endpoint at another site. All the tree of data that we have, which may be a lot of information help us to argue whether it is going to be a threat or not, can be analyzed. Most of the threats are not really threats, but we can see what is happening in the relations, in the networking, and the data that comes back and forth through our company's network infrastructure.

Threat hunting is valuable because it pinpoints what is happening everywhere in our networking infrastructure. We have a company contract working through a NOC- network operating center 24 hours a day. They are sending us reports many times a day if any threat is arising or asking why this operation has come through or if it is valid or not, or whether we have approved it. We have a lot of that type of information, but we need to manage the contract in a much more efficient way because I do not have the time to read the many information that comes through the network operating center, the security operating center, or the tools itself and the notification reports that I have. While I am managing the policies and the standards, I need a lot of people to monitor, detect, and recover if something happens. The tools are not useful for that. We need to have people with enough expertise to manage all of this.

I believe this is a product in evolution. I do not think it is a final tool to conduct forensics or information forensics of the incidents or information incidents that could arise in our network infrastructure. Trellix Endpoint Detection and Response (EDR)  is interesting and is a very good entry point that has been evolving through the last years. In the next two months, I have a new contract, and we are pointing out to have an XDR  solution with NDR and EDR together.

I do not have enough time to do it because I am the manager. However, my coworkers do not understand it yet. I have a contract with a third-party company that is making reports around that, but also they do not have enough experience or enough utility of this.

It would be interesting if I have a notification system from EDR. For example, if I am the manager, it would be interesting to have a warning, alarm, or something around that which could call me to get into the system and the dashboard to see what is happening. For example, if it is a high-level threat. However, most of them are just advisory or warnings. I do not enter the tool frequently. I guess I access it once every three months.

I have been using Trellix Endpoint Detection and Response (EDR) for about six years.

As mentioned, this is an evolutionable tool. In the past there has been many times when the tool clogged the endpoints and we had to uninstall it. Windows (c) 10 enterprise edition, for instance, has some problems.

I have not scalate the EDR solution yet. We have not had a critical alert to do it. It's supossed that the SOC company should do it just in the case.

Tech support may be tricky if the support comes from Asia experts. Eeryone here speaks spanish and I are not affordable most of time. The tech is interesting when a high support level is called. Once someone from Argentina helped me that has excellent skills. We need more like her.

No other EDR solutions.

I guess it was complex. To get the EDR operating useful I had to wait around 2 years.

Bafing from Peru is an integrator and consultant. They had done all of the work, and accompanied us many years.

Of course this is a yes. I had called the US partner during the past years when I need the support directly from the manufacturer and I got all the help to workaround or overcame issues. That had happended when my local partner company was not enough.

I pay for what we get. But the service level from my partner company is not enough to overcome a complex case.

We are a gobernment company, so we ask the system to contract a company that is resourceful with cybersecurity withount mentioning the name or mark. We had been using Trellix since it was Mc Afee. But I had evaluated solutions from Microsoft, Panda, ESNET, as general malware tools.

This year, I am planning to have a training for all the personnel of the company in every department so they can learn the basics of the endpoint tool. They can have more actions for possible threats or everything so they can help my department to make a better and faster action if something real is happening. Something like ethical hacking or a service, but using my own personnel in the company. I know that it is difficult, but I want to try to make that this year.

I have evaluated many products including Fortinet environment and a lot of appliances, and also many other products that we have now. I have evaluated around six or seven other brands or other products. However, I have learned Trellix Endpoint Detection and Response (EDR) tools and before that McAfee, around two decades. It is enough expertise that we have made. I do not want to lose that with maybe another interesting tool. For example, what would be interesting is if an XDR  tool that can help us in managing the threats of the cybersecurity environment uses AI as an agent, a trained agent that helps our department, so it has to be trained first by a company like Trellix or another with the expertise or the capacity to help us actually. That is one thing I can recommend.

In February or March, I am signing a new contract with five levels, three more levels of security that we have now. We will have the tool, the SOC, the operating center service, and we need to manage applications firewall, web filtering, and XDR, and maybe next year also PAM and so on. I rated this solution an 8 out of 10.

I use César for our endpoints, our users, and the services from email and web services, back and forth, and also at the edge of our network. We have contracted firewalls and everything else for networking.

The product and the services we have are quite good. However, I cannot stay at this level forever. I have to improve continuously and dynamically.

Everything is working, and the company is training its personnel. I have had in a few months in the past some attacks on personnel—so phishing, for example. I have spent efforts on training our managers and others - what can software do if the knowledge base is low?

This year, I am going to improve some tools to be installed or maybe acquire some services to better manage our web services and work with my coworkers.

Application fiber also needs attention. Nowadays I am making applications that are publicly seen on the Internet. I need some protection, possibly multi-factor authentication improvements. I am seeing, for workflows, some sort of ethical hacking to test our environment.

Knowledge of everything, not only the product - maybe some kind of alerts - needs to emerge. I see the current ones as very low-tier, and they must improve.

I have used Trellix for some years.

I haven't had any issues. The pricing is very fine and according to the service. Trellix has done a good job reducing threats.

I have spent a lot of time with this product. I have contracted support and also have an operating control so I can get various types of support.

I have used Trellix for some years. In the past, the EDR was McAfee. I have worked with it for around 20 years.

The initial setup is a hard issue.

I have two contractors that help me support the infrastructure here. One is at the edge of networking, and the other is in the endpoints of our company.

I don't have any return on this investment. This is just a security policy for everything.

I haven't had any really great problems with pricing in the past two or three years.

Maybe another level of product and support from manufacturers would be better.

I have seen companies without any EDR services, and we were lacking information. I started with IDR around four years ago, and the support services were very light. I remember doing many tickets for Trellix support, and my EDR was not properly functioning. I didn't feel the detection or the real protection. My company is one among 17 others that are part of a corporation. I am a member of the IT Security Council.

Overall product rating is five out of ten.

I use the solution in my company for malware detection. My customers are mostly banking and government organizations.

The most valuable feature of the solution is its area for threat detection.

When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required.

The tool's support needs to improve in the areas of response it provides to users.

I have been using Trellix Endpoint Detection and Response (EDR) for two and a half years.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

I rate the technical support a seven and a half out of ten.

The solution is SaaS-based, and we have deployed it using the hybrid cloud model.

The tool's deployment phase is a lengthy process. For one endpoint, it takes 15 to 20 minutes.

The tool is cost-effective. Many agents need to be installed, and on-premises integration is required.

I haven't worked on the tool to see how it works for security workflow.

My customers have not seen any challenges while working with Trellix Endpoint Detection and Response (EDR) in terms of integrations.

The tool does not support any AI and security initiatives.

The tool is suitable for enterprise companies.

If businesses are completely on the cloud, then the tool is not required. If a company has a hybrid cloud model with an on-premises model, then it will be a good tool to use.

I rate the tool an eight out of ten.